Summary
A crafted 3MF XML document can cause a crash due to a NULL pointer dereference during parsing.
Vulnerable versions
Step to reproduce
3dmodel.3dmodel):
nullptr_3mf_volume.3mf
slic3r --info nullptr_3mf_volume.3mf
Example file
nullptr_3mf_volume.zip
Cause
get_attribute() in TMF.cpp returns NULL if the sought attribute is missing. The constructor of std::string is invoked implicitly, leading to a crash (std::string(NULL)). The check at TMF.cpp:602 is ineffective, since it occurs after the NULL pointer is dereferenced.
Impact
Denial of Service.
Proposed mitigation
Perform a NULL check on the return values from get_attribute before constructing strings from them. Ensure that the NULL check terminates parsing, as proposed in #5118 and #5119.
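The ordering problem and the proposed mitigation, as an added sketch that is not code from the Slic3r repository or from #5118/#5119. The get_attribute signature (an expat-style NULL-terminated name/value array), the ParseState struct, handle_element and the attribute names "a" and "b" are assumptions made for illustration.

```cpp
#include <cstring>
#include <string>

// Hypothetical stand-in for the lookup described in the report: scans a
// NULL-terminated {name, value, ...} array, returns NULL when absent.
static const char* get_attribute(const char** atts, const char* name) {
    if (atts == nullptr) return nullptr;
    for (; atts[0] != nullptr && atts[1] != nullptr; atts += 2)
        if (std::strcmp(atts[0], name) == 0) return atts[1];
    return nullptr;
}

// Unsafe ordering from the report (comment only, never compiled):
//   std::string v = get_attribute(atts, "a");  // std::string(NULL) crashes here
//   if (v.empty()) stop_parsing();             // check comes too late

// Hardened lookup: the NULL check runs before any std::string is constructed.
static bool get_attribute_checked(const char** atts, const char* name,
                                  std::string& out) {
    const char* value = get_attribute(atts, name);
    if (value == nullptr) return false;
    out.assign(value);
    return true;
}

struct ParseState {            // hypothetical parser state
    bool stopped = false;      // once set, no further elements are processed
    std::string error;
    std::string a, b;
};

// Hypothetical element handler: a missing required attribute records an
// error and terminates parsing instead of continuing with bad state.
static bool handle_element(ParseState& st, const char** atts) {
    if (st.stopped) return false;
    const char* names[] = {"a", "b"};        // constructed attribute names
    std::string* targets[] = {&st.a, &st.b};
    for (int i = 0; i < 2; ++i) {
        if (!get_attribute_checked(atts, names[i], *targets[i])) {
            st.stopped = true;
            st.error = std::string("missing required attribute: ") + names[i];
            return false;
        }
    }
    return true;
}
```
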